Data privacy statement for the website of Medizinisches Versorgungszentrum radios GmbH

Data Privacy Statement

radios GmbH takes protection of your personal data very seriously. We treat your personal data confidentially and handle it in accordance with statutory data protection regulations and this Data Privacy Statement. 

This Data Privacy Statement provides you with information on the nature, scope and purpose of processing of your data. The terms used are as defined in Article 4 of the General Data Protection Regulation (GDPR).

 

Controller

Medizinisches Versorgungszentrum radios GmbH
Luise-Rainer-Straße 6-10
40235 Düsseldorf
Germany

Tel.: + 49 211 -  44 77 - 3000
Fax: +49 211 -  44 77 - 3099

 
Types of data processed

- Contact data (such as your first name, surname, and telephone number)
- Data for requests for appointments (such as your first name, surname, type of examination, and e-mail address)
- Usage data (such as the websites you call, your interest in content, and access times)
- Communication data (such as your IP address and browser version)

 

Categories of data subject

Users of this website, such as interested persons, clients and employees.

 

Purpose of processing

- Provision of information on the company
- Provision of requests for appointments
- Provision of means of contact
- Security measures to protect the website
- Marketing and analysis of user behaviour

 

Definitions

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation performed with or without automated processes or any process in connection with personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. 

 

Relevant legal grounds

The basis of data protection law is the individual’s right of informational self-determination. In compliance with Article 13 GDPR, we inform you about the legal grounds on which we process data. The legal basis for obtaining consent to processing is Article 6 (1) point (a) and Article 7 GDPR, the legal basis for processing data to perform our services and contractual measures, as well as to reply to requests and inquiries, is Article 6 (1) point (b) GDPR, the legal basis for processing data to fulfil our legal obligations is Article 6 (1) point (c) GDPR, and the legal basis for processing data to safeguard our legitimate interests is Article 6 (1) point (f) GDPR. If vital interests of the data subject or another natural person necessitate processing of personal data, the legal basis for that is Article 6 (1) point (d) GDPR.

 

Cooperation with third parties or processors 

If, as part of our processing activities, we disclose data to other persons and companies (third parties), transmit it to them, or otherwise allow them to access the data, this shall be done solely if authorised under the law, if you have consented, there is a legal obligation to do so, or if we have legitimate interests in doing so.

If we engage third parties to process data on our behalf, that is done on the basis of Article 28 GDPR.

 

Transmission of data to third countries

If we process data in a third country or do so by utilising the services of third parties or if we disclose or transmit data to third parties, that will be done only to perform our contractual obligations or steps prior to entering into a contract, subject to your consent, pursuant to a legal obligation, or if we have legitimate interests in doing so. If processing of the data is permissible, it is done on the basis of special safeguards, such as an officially recognised decision that the country in question has a level of data protection commensurate with that in the EU or subject to compliance with officially recognised special contractual obligations.

 

Rights of data subjects

Right to access (Article 15 GDPR)
The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has a right to access to that data and to information on, among other things, the purposes of the processing, the origin of the data, its recipients, the period of time for which the data is stored, and his or her rights.

Rectification (Article 16 GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning him or her and to have incomplete personal data completed.

Erasure (Article 17 GDPR)
The data subject has the right to obtain the erasure of personal data concerning him or her, for example if it is no longer required for the purpose for which it was originally collected or processed or the data subject withdraws consent to processing of it. A special form of the right to have data erased is now also a “right to be forgotten” if the controller has made the data to be erased public. The controller must then take reasonable steps to inform bodies which are processing this data that the data subject has requested the erasure by those bodies of any links to, or copy or replication of, that data. 

Restriction of processing (Article 18 DSGVO)
The data subject can also demand restriction of processing of his or her data in specific cases. For example: If the data subject has objected to processing of the data pending the verification whether the legitimate grounds of the controller override those of the data subject. 

Right to data portability (Article 20 GDPR)
The right to data portability gives data subjects the right, if certain requirements are met, to obtain a copy of personal data concerning them in a commonly used and machine-readable file format.

Right to lodge a complaint (Article 77 GDPR)
Data subjects have the right to lodge a complaint with the responsible supervisory authority.

Right to withdraw consent (Article 7 (3) GDPR)
Data subjects have the right to withdraw consent to processing of their data with future effect.

Right to object (Article 21 GDPR)
Data subjects can object to future processing of their data at any time. In particular, they can object to processing of their data for direct marketing purposes.

 

Erasure of data

The data we have processed is erased in compliance with Articles 17 and 18 GDPR or processing of it is restricted. Unless explicitly stated in this Data Privacy Statement, the data we have stored is erased as soon as it is no longer required for its specific purpose and unless statutory obligations to retain the data prevent that. If the data is not erased because it is required for other, legally permissible purposes, processing of it is restricted. That applies, for example, to data that has to be retained for reasons under commercial or fiscal law.


Collection of access data and log files

On the basis of our legitimate interests (Article 5 (1) (f) GDPR), we store data on all access to the web server so as to ensure the website’s availability. The access data includes the name of the website called, the file, the data and time at which the site was called, the amount of date, status reports, the type of browser and its version, the user’s operating system, the IP address and other technical information if applicable.

Log files are stored for a maximum of seven days for security reasons and then erased. Data used as evidence is not erased until the incident in question has been fully investigated.


Contacting us

When users contact us (such as by e-mail, using a contact form or by phone), their particulars are processed in order to deal with the request and the steps required for handling it. Users’ particulars can be stored in a suitable customer management program or similar form of organisation.

We erase data stored in connection with requests if it is no longer required and statutory archiving obligations do not prevent that.


Cookies and the right to object to direct marketing

Cookies are small files which are stored on the user’s computer system. Various items of information may be stored in the cookies. A cookie can be used to store information on users (such as their browser version or interests) during or after their visit within a website. These cookies can be stored temporarily or permanently. 

We may use temporary and permanent cookies and provide you with information on that in our Data Privacy Statement. If data subjects do not want cookies to be stored on their computer system, they are asked to disable that using the option in their browser’s system settings. Preventing the use of cookies may restrict the functions of this website.

 

Integration of Google Maps

We use Google Maps on this website. This enables us to display interactive maps directly on the website and makes it easy for you to use the map functions. That is a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.

When you visit our website, Google is informed that you have visited the corresponding subpage of our website. The data specified in the section “Types of data processed” is also transferred. This is done irrespectively of whether Google offers a user account and you are logged into this account or you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not want Google to associate your actions with your profile, you must log out of your account before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or designing its website to suit needs. Such an evaluation is conducted in particular (even for users who are not logged in) in order to provide advertising tailored to the user and to inform other users of the social network about your activities on our website. You have the right to object to creation of these user profiles, but must contact Google in order to exercise this right. 

You can find more information on the purpose and scope of the collection and processing of data by the plug-in provider in the privacy policies of the provider. These policies also provide you with further information on your rights concerning this issue and the settings that you can use to protect your privacy: https://policies.google.com/privacy?hl=en&gl=de. Google also processes your personal data in the U.S. and participates in the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

Data Protection Officer

If you have any questions on data protection, you can also contact our Data Protection Officer directly:

David Seiler
Chausseestr. 19
03051 Cottbus

email: seiler(at)ds-law.eu
Web: www.ds-law.eu